3 Copyright Statement 2010 Realtime Publishers. All rights reserved. This site contains materials that have been created, developed, or commissioned by, and published with the permission of, Realtime Publishers (the Materials ) and this site and any such Materials are protected by international copyright and trademark laws. THE MATERIALS ARE PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. The Materials are subject to change without notice and do not represent a commitment on the part of Realtime Publishers its web site sponsors. In no event shall Realtime Publishers or its web site sponsors be held liable for technical or editorial errors or omissions contained in the Materials, including without limitation, for any direct, indirect, incidental, special, exemplary or consequential damages whatsoever resulting from the use of any information contained in the Materials. The Materials (including but not limited to the text, images, audio, and/or video) may not be copied, reproduced, republished, uploaded, posted, transmitted, or distributed in any way, in whole or in part, except that one copy may be downloaded for your personal, noncommercial use on a single computer. In connection with such use, you may not modify or obscure any copyright or other proprietary notice. The Materials may contain trademarks, services marks and logos that are the property of third parties. You are not permitted to use these trademarks, services marks or logos without prior written consent of such third parties. Realtime Publishers and the Realtime Publishers logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective owners. If you have any questions about these terms, or if you would like information about licensing materials from Realtime Publishers, please contact us via at ii

4 Using Web Security Services to Protect Portable Devices Today s workforce is a security challenge. Employees no longer follow strict guidelines from the IT department regarding computer use at work, computer security measures, personal computing devices used for work, and so on. In fact, many CxO s find that the stricter the rules, the less employees pay attention, leading to even less IT control of the computer infrastructure. One particularly difficult area to secure is the multiple location workforce. This type of employee works at home one or two days a week, and perhaps travels out of town on business a couple of times a month. She cannot be disconnected from the office during all of those times, so she has a laptop to do her work and a couple of USB drives to move data around when switching computers. This type of work flexibility is quickly becoming common. To get an idea of how widespread this situation has become, Forrester Research reported earlier this year that 64% of US based employees telecommute at least one day per week. And these numbers are expected to continue to grow over time. Understanding the Security Challenge of Portable Users and Devices You ve seen that many employees regularly work outside the traditional workplace. Another interesting data point is that this kind of work flexibility can lead to an increase in incoming attacks. For example, the following graph (see Figure 1) shows that the likelihood of a network being attacked consistently increases as the number of remote workers increases (Source: Webroot Research, May 2010). 1

5 75 100% Percentage of corporate network users requiring remote access 50 74% 25 49% No attacks 1+ attacks 1 24% Percentage of companies per user category reporting either no or 1+ attacks in the last year Figure 1: Telecommuting can lead to an increase in incoming attacks. These statistics should alarm you. Not only are a large number of employees working outside the traditional office, they are doing so frequently and without formal documentation. In many cases, IT decision makers and technologists are unaware that it is happening. Planning a security strategy against an unknown workplace behavior is, at best, a difficult challenge. Let s take a look at a common small business network. For simplicity, the components shown in Figure 2 are limited to the components that impact Web security. Internet Laptop Wi Fi Access Point Switch Proxy Server Firewall Figure 2: A laptop connecting through a corporate network to a Web site. You can see that the corporate network is well protected. We have encrypted data between the laptop and the wireless access point, often using advanced encryption such as Wi Fi Protected Access (WPA) and mutual authentication. The proxy server does a great job of applying corporate rules around data use, filtering some types of content, and so on. We also have a dedicated firewall to block all types of attacks including Web based threats. This setup compares unfavorably to the typical home network that an employee uses at least one day a week (see Figure 3). 2

6 Figure 3: Much less security in the work at home flow. Figure 3 shows a lot less complexity. Although simplicity can mean improved security, in this case, it is not a benefit. The wireless connection to the access point is typically either unencrypted or uses weak Wired Equivalent Privacy (WEP) cryptography. And the typical combination router and access point device supplied by an Internet Service Provider (ISP) does not offer significant defense against Web based attackers. Note Figure 3 shows a work at home flow; the same diagram accurately represents most public wireless access such as coffee shops, airports, and libraries. A core problem lies in the fact that the same laptop (or any other portable device) will be used at multiple locations. Each of those locations has its own security protecting it against Web threats. But, as you can see from these two figures, security between networks varies drastically. Addressing Security on Portable Devices The historic approach to dealing with portable users and devices connecting to dubious networks has been to implement client centric security putting very stringent security measures on the client computer (in this case, the laptop). But this method introduces numerous drawbacks and challenges to the IT professional: Computers that do not update security or operating system (OS) software Computers that fail to apply current security policy from the office network Computers that remain compromised over time Users that subvert security measures, intentionally or unintentionally Users that employ corporate resources at home and violate corporate policy, such as browsing illegal or inappropriate Web sites Users that unintentionally transport malware between home and work networks, circumventing corporate security measures 3

7 This is not to say that local security measures do not have value. On the contrary, malware scanners and firewalls prevent numerous attacks on roaming client computers every day. But they cannot be relied upon for complete protection in an unmanaged workflow or in risky environments. Cloud Based Web Security Cloud based security has recently evolved as a strong solution to address the challenges of portable device security. It complements other security measures by providing an extra layer of security against Web threats. Typically, cloud based Web security solutions are managed by the cloud provider, which means the security follows the device and works equally well from home, work, and the coffee shop. Figure 4: Using a common cloud based security solution from any location. Figure 4 illustrates how the cloud based Web security approach it integrates into both the corporate and home network environments. There are numerous benefits to this type of security approach: Continue to receive security benefits from existing security solutions Consistent security policy applied at all locations Dedicated third party management of security solutions, often with guaranteed service levels Simple integration into existing networks and devices Reduced security workload for corporate IT personnel Centralized accounting and reporting of Web activities for compliance reporting Layered security controls provide complementary security benefits 4

8 One indirect benefit that is difficult to quantify is the knowledge that both corporate and remote users have a constantly managed security layer between them and attackers. Many of the worldwide computer security threats over the past several years would have no impact on systems that use this type of security. Summary All IT resources need to be protected. Whether they re used in the home or workplace, devices that are compromised will cost the company time and money. And as more employees take their work home regularly, solutions must be in place that help protect users and keep their systems in compliance with policy. An excellent solution to this challenge is the recent advancement of cloud based security solutions, which complement existing security and work virtually anywhere to filter Web based threats and policy violations. 5

How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Securing Endpoints without a Security Expert sponsored by Introduction to Realtime Publishers by Don Jones, Series

Deploying and Managing Private Clouds The Essentials Series Managing for the Long Term: Keys to Securing, Troubleshooting and Monitoring a Private Cloud sponsored by Managing for the Long Term: Keys to

Using Cloud Services to Improve Web Security The Essentials Series Can You Trust a Cloud-based Security Solution? sponsored by Ca n You Trust a Cloud Based Security Solution?... 1 Clo ud Security Service

The Essentials Series: Increasing Performance in Enterprise Anti-Malware Software Best Practices in Deploying Anti-Malware for Best Performance sponsored by by Eric Schmidt Be st Practices in Deploying

Maximizing Your Desktop and Application Virtualization Implementation The Essentials Series sponsored by David Davis Using Hosted Applications with Desktop Virtualization... 1 The State of Desktop Virtualization...

How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Streamlining Web and Email Security sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor

Protecting Data with a Unified Platform The Essentials Series sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor For several years now, Realtime has produced dozens and dozens

Deploying and Managing Private Clouds The Essentials Series Steps to Migrating to a Private Cloud sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor For several years now, Realtime

Security Management Tactics for the Network Administrator The Essentials Series Controlling and Managing Security with Performance Tools sponsored by Co ntrolling and Managing Security with Performance

Endpoint Data Encryption That Actually Works The Essentials Series Making Endpoint Encryption Work in the Real World sponsored by Ma king Endpoint Encryption Work in the Real World... 1 Th e Key: Policy

Protecting Data with a Unified Platform The Essentials Series sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor For several years now, Realtime has produced dozens and dozens

The Essentials Series: Making High Availability Pay For Itself Relating High Availability Metrics to Business Value sponsored by by Relating High-Availability Metrics to Business Value... 1 How to Explain

Collaborative and Agile Project Management The Essentials Series sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor For several years now, Realtime has produced dozens and dozens

Streamlining Configuration Management The Essentials Series How Configuration Management Tools Address the Challenges of Configuration Management sponsored by Introduction to Realtime Publishers by Don

Taking a Fresh Look at Business Continuity and Disaster Recovery The Essentials Series sponsored by Introduction to Realtime Publishers by, Series Editor For several years now, Realtime has produced dozens

How the Software-Defined Data Center Is Transforming End User Computing The Essentials Series sponsored by David Davis SDDC Powered Virtual Desktops and Applications... 1 Three Pillars of SDDC and Desktop/Application

Protecting Data with a Unified Platform The Essentials Series sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor For several years now, Realtime has produced dozens and dozens

Maximizing Your Desktop and Application Virtualization Implementation The Essentials Series sponsored by David Davis Article 1: Using Hosted Applications with Desktop Virtualization... 1 The State of Desktop

Deploying and Managing Private Clouds The Essentials Series Tips and Best Practices for Managing a Private Cloud sponsored by Tip s and Best Practices for Managing a Private Cloud... 1 Es tablishing Policies

The Essentials Series: Configuring High Availability for Windows Server 2008 Environments Non-Native Options for High Availability by Non-Native Options for High Availability... 1 Suitability and Cost...

The Essentials Series: Important Questions in Implementing Virtual Desktops Where Do I Start With Virtual Desktops? sponsored by by W here Do I Start with Virtual Desktops?... 1 W hat Is a Virtual Desktop?...

How to Protect Your Business from Malware, Phishing, and Cybercrime The SMB Security Series Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime sponsored by Introduction

Real World Considerations for Implementing Desktop Virtualization The Essentials Series sponsored by Intro duction to Desktop Virtualization for the IT Pro... 1 What Is Desktop Virtualization?... 2 VDI

Collaborative and Agile Project Management The Essentials Series sponsored by Introduction to Realtime Publishers by Don Jones, Series Editor For several years now, Realtime has produced dozens and dozens

The Essentials Series: Solving Network Problems Before They Occur How to Use SNMP in Network Problem Resolution sponsored by KNOW YOUR NETWORK by Greg Shields Ho w to Use SNMP in Network Problem Resolution...

How to Install SSL Certificates on Microsoft Servers Introduction to Realtime Publishers by Don Jones, Series Editor For several years now, Realtime has produced dozens and dozens of high quality books

The Essentials Series: Code-Signing Certificates What Are Certificates? sponsored by by Don Jones W hat Are Certificates?... 1 Digital Certificates and Asymmetric Encryption... 1 Certificates as a Form

Maximizing Your Desktop and Application Virtualization Implementation The Essentials Series sponsored by David Davis Article 1: Using Hosted Applications with Desktop Virtualization... 1 The State of Desktop

Log Management: Best Practices for Security and Compliance The Essentials Series Best Practices for Log File Management (Compliance, Security, Troubleshooting) sponsored by Introduction to Realtime Publishers

The Essentials Series: Infrastructure Management Realizing the IT Management Value of Infrastructure Management sponsored by by Chad Marshall Realizing the IT Management Value of Infrastructure Management...1

The Essentials Series: Configuring High Availability for Windows Server 2008 Environments The Art of High Availability by The Art of High Availability... 1 Why Do We Need It?... 1 Downtime Hurts... 1 Critical

The Essentials Series: Infrastructure Management Understanding the Business Value of Infrastructure Management sponsored by by Chad Marshall Understanding the Business Value of Infrastructure Management...1

Protecting Client Data in the Cloud: A Channel Perspective The Essentials Series What Are Cloud-Connected Data Protection Services About? Architectural Advice for Resellers sponsored by Introduction to

Virtualization Backup and Recovery Solutions for the SMB Market The Essentials Series How Traditional Physical Backup Imaging Technology Fits Into a Virtual Backup Solution sponsored by Introduction to

10 easy steps to secure your retail network Simple step-by-step IT solutions for small business in retail to leverage advanced protection technology in ways that are affordable, fast and easy October 2015

TrendLabs Data exfiltration is the final stage of a targeted attack campaign where threat actors steal valuable corporate information while remaining undetected. 1 43% of most serious threats to the company

How the Software-Defined Data Center Is Transforming End User Computing The Essentials Series sponsored by David Davis Building the Future of the Desktop on the Software-Defined Data Center... 1 What Is

MAKING THE RIGHT CONNECTIONS The risks of using public Wi-Fi for business The Connected Workplace Series The Rise of Mobile Devices in the Workplace Laptop shipments have surpassed desktop shipments, smartphone

Building Business Productivity with Unified Communications The Essentials Series Networking for Increased Productivity and Reduced Costs sponsored by Introduction to Realtime Publishers by Don Jones, Series

Long Island IVF Terms and Conditions of Use BY USING THIS WEBSITE, YOU AGREE TO THE FOLLOWING TERMS AND CONDITIONS. PLEASE READ THE FOLLOWING CAREFULLY. IF YOU DO NOT AGREE WITH THE FOLLOWING, YOU SHOULD

Types of cyber-attacks And how to prevent them Introduction Today s cybercriminals employ several complex techniques to avoid detection as they sneak quietly into corporate networks to steal intellectual

Best Practices for Secure Mobile Access A guide to the future. Abstract Today, more people are working from more locations using more devices than ever before. Organizations are eager to reap the benefits

User Agreement Quality. Value. Efficiency. Welcome to QVuE, the Leaders Network on Quality, Value and Efficiency website sponsored by The Medicines Company. The information provided in this Webinar Series